SirHurt | ROBUX 1k/4.60$ A/T & Script Executor | Lifetime 10$ | Service since 2015

Bro genuiley, stop being such an incompetent fool who doesn't care of user security. Ps: Jacking off to kids isn't the ideal thing to do

my data got leaked in the database breach a while ago, deleted my SirHurt account right after.

uhhhh, why are u still here?

@Zera You seriously still believe that crap? I hope you're joking.

ew no

synapse's better

@RiceUsesArchBtw Each product has it's different strengths and each person has different tastes. SirHurt does for some what Synapse can't for them and some people pick Synapse because it's what there looking for. I know people who like SirHurt over synapse, and vise versa. It's down to the person and it's completely fair to allow them to make their own decision.

@SirWeeb Site's get compromised on the daily. It's nothing new. No matter how big or small the company, there's always chances for slip ups and SirHurt was one of those unfortuniate ones back in the day. We've taken steps to ensure what happened doesn't happen again and patched the holes used by those who got hands on sensitive SirHurt files. We're sorry for any harm that may of come to you as a result, but in the end the stuff that was obtained was relatively harmless information because we don't collect much in terms of logs, and never have. SirHurt isn't the first exploit to suffer a data breach, Synapse X did too. However their databases didn't get leaked because they were paid off to keep it quiet. I honestly don't blame 3ds for paying a bribe and keeping it hush hush, because when word spreads and gets out people go batcrap crazy even if it's the smallest of things leaked and they have a 'reputation' to maintain. Even if it's only something as simple as your computers username, such as "User", which literally has zero way of identifying you as a person out of the millions in the world, you wouldn't believe how much people overreact. 

Literally the only things that people managed to obtain were a hash/salted password, your email, your ip address (which can literally change at anytime. mine does every so often), and the username of the pc user which is set when they install windows. Computer usernames are normally things like 'user' 'admin' 'asus' etc. Harmless. I'd say I went a bit overboard with the security updates, though. For example, your passwords are now salted with a randomly generated 200+ character long string with one of the best and most secure hashing alg's in use to this day. Ain't no cracking that open no matter how hard you try.

@pierre_spook it wasn't just pc name and user. I downloaded the db files from the mega and found a bunch of info that can identify me. I also spoke to one of the people that were involved with the breach, they said it took less than 10 mins. Not trying to start a fight here I'm just saying what I've seen

@SirWeeb No, it wasn't just the PC name and user, as I literally said an IP and email was included in that list. You don't need to tell me what you 'think' you found, because I literally created the system and there isn't anything that would be in there that I wouldn't already have known about. I don't know what 'think' you found and if there's one of us that should be telling the other person about what was or wasn't in our system, it's me not you. I created SirHurt, not you.

The things we collected from auth logs were the users ip, computer username, HWID (not directly identifyable, while this sounds like some fancy unique thing that points you out, this is a identifier which is hashed over salted ten fold before being sent off to our web server making the stored 'HWID' literally useless in terms of identifying you outside of the purpose of making our systems able to verify you as the account holder, the timezone your computers clock is set to (which literally isn't anything more than your ip would tell you, and the email address/pass hash when registered. The worst thing identification wise was the IP address out of everything. Which even that can't be 100% used in every case to locate you. Geoip services are sometimes approximent, I've looked up my IP address before just to find the 'location' it gives me isn't my actual exact physical location. I"m not saying it wasn't bad, absolutely anything leaked is bad regardless of what it was, but I'm saying it could of been a lot worse than it actually was. "10 minutes" is irrelevant, a bug is a bug and the time it took to exploit said bug has no relevance.

Synapse X's database got compromized too, but nobody complains about that. Elysian (the big exploit b4 synapse) literally used to log your ROBLOSECURITY in plain text (which can be used to access your account and steal your robux) had their entire database get leaked WITH THE ROBLOSECURITES IN THEM. If you compare the information obtained from SirHurt versus literally every other exploit's database that was leaked, SIRHURT looks squeaky clean. I've yet to hear one case of someone actually using something from SirHurt's database that harmed one individual. Back to the elysian situation though, it was absolutely halarious because nobody seemed to care dispite thousands of people losing their limiteds and robux causing thousands of dollars worth of losses for the individuals of many, yet, you heard jack crap about it. SirHurt comes along the way and everyone loses their crap.

@pierre_spook

idk abt you, but its quite obvious. Your security was and is probably still is absolute crap

@pierre_spook

but aside from that point hows you and clorox?

@Zera Our security has never been crap, yes, we could of improved in certain areas and we have in every way known to us. How should I know how Clorox is? It was just some guy working for a Sentinel Dev who was an ex-SirHurt dev that got fired for being immature and constantly breaking our rules. Just another attempted play by our competitors to brainwash you into buying their crappier more pricey services with false propaganda and misinformation in an attempt to sway your views. By the looks of it, they've succeeded. It's sad how you let people influence your mind like that. The whole 'pedo' situation was a Sentinel-Ownership ploy and coo created by the people behind Sentinel to drive customers away from SirHurt over to their own product. Sentinel lied, cheated, falsifyed evidence and witness statements just to influence your better judgement. And it worked. You act like you know what's going on, but in all reality, you know absolutely nothing. Verm's staff saw through their ploy, and did their best to defend me for almost a full year. In the end, they were forced by their own community to bannish me because they had absolutely no choice over the matter anymore. They were threatened by a few specific individuals in their community who were threatening to cause staff more mayham and destruction if they didn't rid of me. I told seg to go through with the ban because of the respect I have for him and his staff team for having to put up with so much crap that they never asked or deserved. Even after I was 'banned' publically, giving brainwashed people like you so called 'justice' they still let me be apart of the exploit relations server which voted and contributed on changes to their exploiting section. Yes, I said things I wish I could take back to someone pretending to be a girl over discord, and I pay for that every single day. It never got as far as photos, it was just basic flirting. If I could take a time machine and go back in time and force myself to take back the things that I said, I would. I've changed a lot over the years and regardless of what people like you may 'think' you know and may think of me, but I'm not attracted to kids and never have been and never will be. The situation was blown way over proportation but Sentinel got their wish in the end. Their teams ploy and misinformation campaign succeeded. I pity you for believing the false lies and rumors spread by greedy people who cared more about your wallet than you as a human being. The only thing I ever did wrong was care about our community over income and took pride over my communites enjoyment over our product rather than how much we made. And look where that got me. So, Mr . Zander, what will it be? Are you going to sit there and keep bringing up old propaganda in an attempt to look funny or are you going to let us be here and prove that we aren't who you think we are?

@pierre_spook

you are in the minority, majority always rules when it comes to what is and isn't believable as a standbier. Truly upsetting you had to commit crimes against humanity 

@Zera That's what I thought.